VMware Products Tools Remote Code Execution Vulnerabilies (win) Network Vulnerability

Summary

The host is installed with VMWare products and are prone to remote code execution vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary code. Impact Level: System/Application

Solution

For Upgrades refer the below link, http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Insight

The flaw is due to error in 'tools' which does not properly access libraries. This allows attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.

Affected

VMware Player 2.5.x before 2.5.4 build 246459, VMware Workstation 6.5.x before 6.5.4 build 246459

References

http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://secunia.com/advisories/39198
http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1141, CVE-2010-1142

CVSS	Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows

Take action and discover your vulnerabilities